Ransomware halts IoT operations at Sierra Wireless, as maritime industry is hit 1.5mn times in 30 days

Last week started with some sensible guidance on cyber security. By Wednesday the theory became a nightmare reality for one of the Internet of Things (IoT) majors, Vancouver-based Sierra Wireless as it was halted by an all-out ransomware attack.

Of course, cyber security advice reaches us all the time, says Jeremy Cowan, and we regularly share the experts’ advice on protection measures for enterprises in IoT or any other industry. But it is still shocking to see a well-equipped solution provider struck so hard.

Sierra Wireless discovered on March 20th that its internal IT systems were under ransomware attack, and publicly announced it on March 23rd. A brief initial statement says, “Once the company learned of the attack, its IT and operations teams immediately implemented measures to counter the attack in accordance with established cybersecurity procedures and policies that were developed in collaboration with third-party advisors.

These teams, with the assistance of these and additional third-party advisors, believe they have addressed the attack, and are currently working to bring Sierra Wireless’ internal IT systems back online.”

As a result of the ransomware attack the company halted production at its manufacturing sites. Its website and other internal operations have also been disrupted.

Separate internal and customer IT

On March 26th the company says, “We believe the attack has been addressed, have resumed production and are currently working to bring Sierra Wireless’ internal IT systems back online, including our website. We believe the impact of the attack was limited to Sierra Wireless’ internal IT systems and corporate website, as we maintain a clear separation between our internal IT systems and customer facing products and services.

We believe that our products and connectivity services were not impacted, and that our customers’ products and systems were not breached during the attack. At this point in our investigation of the ransomware attack, we do not expect there to be any product security patches, or firmware or software updates required as a result of the attack.”

Sam Cochrane, chief financial officer at Sierra Wireless who also oversees IT operations and supply chain commented, “Security is a top priority, and Sierra Wireless is committed to taking all appropriate measures to ensure the highest integrity of all of our systems. I’m proud of the efforts of our IT team and external advisors as they have mitigated the attack and made real progress in getting operations up and running. As the investigation continues, Sierra Wireless commits to communicating directly to any impacted customers or partners, whom we thank for their patience as we work through this situation.”

Ryan Weeks

At the time of writing, Sierra Wireless’s website simply shows the company’s ransomware announcement with links to the earlier reports on BusinessWire. No other pages are visible.

IoT analyst and co-founder of Transforma Insights, Matt Hatton commented that the attack is, “another argument for keeping your IT and OT (operations technology) unconverged.”

Plenty of advice, but what protections?

This news coincided with advice from Ryan Weeks, CISO at Datto on the recent cyber attack on Acer. “The recent attacks are a validation that it can happen to anyone – businesses of all sizes are at risk. Vulnerabilities of this size can be too complex for an organisation to address on its own: MSPs and MSSPs – often operating as the first line of defence – can protect their clients from an increasingly complex and fast changing threat landscape. To address these types of threats, MSPs and MSSPs need to think beyond established security tools and build true cyber resilience, the most impactful strategy in the fight against cyber-attacks.”

Weeks added, “Cyber resilience combines the effective practices of cybersecurity, business continuity and incident response and requires capabilities in five functional areas: identify, protect, detect, respond, and recover. These capabilities cannot be bought, they need to be built, combining people, processes, and technology. With the right cyber resilience capabilities, MSPs and MSSPs can protect their clients from unknown threats, minimise the impact of attacks and reduce downtime.”

Maritime IT security under major threat

Meanwhile, Subex and SkyLab have also teamed up to secure the shipping industry. TheBangalore and Singapore companies are partnering to offer IoT and OT cybersecurity solutions and services to the maritime sector.

These solutions are already securing ships, offshore and onshore maritime assets, communication channels and shipping infrastructure, all of which will now receive cybersecurity protection, threat risk management support, solutions and services.

According to Subex’s research, shipping companies around the globe were attacked almost 1.5 million times just in the last 30 days. Of these, more than 64,000 attacks were described as “highly sophisticated and carried out using complex malware and breach tactics. Social engineering, deception, and traffic manipulation were all used to create breaches and enable intrusion into core and peripheral infrastructure.”

Anyone who believed prior to the Acer and Sierra Wireless’s attacks that it will never happen to them might want to review their security, back-up and business continuity processes.

The author is Jeremy Cowan, editorial director of IoT Now.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Sateliot works with AWS on cloud native 5G satellite network to connect IoT devices directly to satellites

Posted on: October 4, 2022

San Diego, United States – Sateliot, a satellite telecommunications operator, is working with Amazon Web Services (AWS) to build a cloud native 5G service designed to provide customers with secure and reliable narrowband IoT (NB-IoT) connectivity over non-terrestrial network using its low earth orbit (LEO) satellite constellation. These revolutionary satellites act as cell towers from

Read more

WISeKey selected by ODIN Solutions to secure its IoT sensors and applications and enable them with WISeSAT satellite communications

Posted on: October 4, 2022

WISeKey International Holding, a security certificate authority and provider of identity solutions, announced at the Smart Agrifood Summit held in Málaga, Spain that it has been selected by ODIN Solutions, a Spanish multidisciplinary IoT integrator and sensor manufacturer, to integrate WISeKey secure technology within their IoT sensor leveraging of VaultIC Secure elements.

Read more
FEATURED IoT STORIES

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox